Wireshark mailing list archives

Filtering sequence numbers between concurrent incoming TCP transmissions


From: Jeff Bruns <jeff.bruns () gmail com>
Date: Sun, 2 May 2010 21:21:24 -0400

Greetings-
I've been using Wireshark to analyze network traffic that's being parsed by
a network sniffing Perl application. My recent problem is that I've
discovered 2 incoming messages, occurring within nanoseconds of each other. I
suspect that my network sniffer is trying to reassemble some or all of the
packets of both messages into a single message. Obviously the packets from
both of these transmissions adhere to one of two sequence number schemes,
depending on which message they belong to.

My question is, how can I look at the sequence number of one of these
packets and say for sure that it belongs to the first transmission over the
second? Actually, to narrow it down a bit, due to the nature of the data I'm
sniffing as soon as the SYN packet arrives from the second transmission, I
no longer care about the first transmission. So to rephrase my question, how
can I look at the sequence number of an incoming packet and identify it as
not belonging to the current TCP stream? Is there something I can use such
as window size, to say: if seq_num + X > Y then discard because the seq_num
is way off what we're working with in the current stream.

Just looking at the sequence numbers from these two streams I can easily
tell which packet belongs to which stream. The sequence numbers are
significantly different. But how can I make the same determination in my
application?

Thanks
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
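As an added example (not from the original post, nor a reply on the list, and in Python rather than the poster's Perl), this sketch does what the question asks: once a new SYN arrives, only that transmission is kept, and a straggling segment from the earlier one is discarded. It uses the TCP 4-tuple (source/destination address and port) as the primary discriminator, since two concurrent connections cannot share one, and falls back to the "seq_num + X > Y" idea from the post as a sanity window around the expected sequence number; the 65535-byte window, the addresses, ports and sequence numbers in the sample are all constructed assumptions.

```python
from collections import namedtuple

MASK = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap around
# One captured TCP segment: 4-tuple, sequence number, SYN flag, payload bytes.
Pkt = namedtuple("Pkt", "src sport dst dport seq syn payload", defaults=(False, 0))

def in_window(seq, expect, window=65535):
    """True if seq is at most `window` bytes ahead of the expected sequence
    number, computed modulo 2**32 so wraparound is handled."""
    return ((seq - expect) & MASK) < window

class StreamTracker:
    """Tracks only the most recent SYN-started stream, as the question wants:
    once a new SYN is seen, anything from the earlier transmission is dropped."""
    def __init__(self):
        self.key = None       # (src, sport, dst, dport) of the current stream
        self.next_seq = None  # next in-order sequence number expected

    def accept(self, p):
        key = (p.src, p.sport, p.dst, p.dport)
        if p.syn:                                # new transmission: track it
            self.key = key
            self.next_seq = (p.seq + 1) & MASK   # SYN consumes one seq number
            return True
        if key != self.key:                      # 4-tuple, not seq, names the stream
            return False
        if not in_window(p.seq, self.next_seq):  # same tuple but seq far off
            return False
        if p.seq == self.next_seq:               # in order: advance expectation
            self.next_seq = (p.seq + p.payload) & MASK
        return True

def classify(packets):
    """Return, per packet, whether it belongs to the current stream."""
    t = StreamTracker()
    return [t.accept(p) for p in packets]

# Constructed sample: transmission A (port 40001), then B (port 40002) on the
# same host pair, with a straggler from A arriving after B's SYN.
SAMPLE = [
    Pkt("10.0.0.5", 40001, "10.0.0.9", 80, 1000, True),
    Pkt("10.0.0.5", 40001, "10.0.0.9", 80, 1001, False, 100),
    Pkt("10.0.0.5", 40002, "10.0.0.9", 80, 5_000_000, True),
    Pkt("10.0.0.5", 40001, "10.0.0.9", 80, 1101, False, 100),   # late A packet
    Pkt("10.0.0.5", 40002, "10.0.0.9", 80, 5_000_001, False, 200),
    Pkt("10.0.0.5", 40002, "10.0.0.9", 80, 1201, False, 50),    # B tuple, bogus seq
]
```

`classify(SAMPLE)` accepts the first three segments and the in-window data segment of B, and rejects both the late segment from A and the segment whose sequence number is far outside B's window.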